
🛡️ AWS RDS Cluster Event Subscription for critical events is not configured🟢

  • Contextual name: 🛡️ Cluster Event Subscription for critical events is not configured🟢
  • ID: /ce/ca/aws/rds/cluster-event-subscription
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: RELIABILITY

Description

This control evaluates whether there is an AWS RDS Event Subscription that is configured to send notifications for the following source type and event categories:

  • Source type: db-cluster
  • Event categories: maintenance, failure

Amazon RDS event notifications use Amazon SNS to inform you of changes to the availability or configuration of RDS resources, enabling timely operational awareness.

Rationale

Maintenance and failure events may indicate changes that directly impact the availability or configuration of DB clusters. Critical events, such as a primary instance failure, require immediate attention to maintain application availability and data integrity. Without appropriate event subscriptions, operational teams may not be alerted to these conditions in a timely manner, increasing the risk of prolonged service disruptions.

Audit

This policy flags an AWS Account as INCOMPLIANT if no Amazon RDS Event Subscriptions are configured to notify on maintenance and failure events for the db-cluster source type.

Remediation

Create an RDS Event Subscription

Configure Amazon RDS event subscriptions to receive notifications for maintenance and failure events for DB clusters.

From Console
  1. Sign in to the AWS Management Console.

  2. Navigate to the Amazon RDS console.

  3. In the navigation pane, under Amazon RDS, select Event subscriptions.

  4. Choose Create event subscription.

  5. On the Create event subscription page, configure the following settings:

    • Enter a unique name in the Name field.

    Target Section

    • For Send notifications to, choose one of the following:

      • Create a new Amazon SNS topic. Provide a unique Topic name and specify the email address(es) to receive notifications.
      • Select an existing Amazon SNS topic by choosing its ARN from the list.

    Source Section

    • Set Source type to Clusters.
    • For Clusters to include, select All clusters.
    • For Event categories to include, select Select specific event categories and choose maintenance and failure.


Linked Framework Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [RDS.19] Existing RDS event notification subscriptions should be configured for critical cluster events1no data
💼 Cloudaware Framework → 💼 System Configuration69no data
💼 FedRAMP High Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)227no data
💼 FedRAMP High Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)2723no data
💼 FedRAMP Low Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)127no data
💼 FedRAMP Low Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)23no data
💼 FedRAMP Moderate Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)227no data
💼 FedRAMP Moderate Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)223no data
💼 NIST CSF v2.0 → 💼 DE.AE-02: Potentially adverse events are analyzed to better understand associated activities50no data
💼 NIST CSF v2.0 → 💼 DE.AE-03: Information is correlated from multiple sources65no data
💼 NIST CSF v2.0 → 💼 DE.CM-01: Networks and network services are monitored to find potentially adverse events180no data
💼 NIST CSF v2.0 → 💼 DE.CM-02: The physical environment is monitored to find potentially adverse events27no data
💼 NIST CSF v2.0 → 💼 DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events100no data
💼 NIST CSF v2.0 → 💼 DE.CM-06: External service provider activities and services are monitored to find potentially adverse events50no data
💼 NIST CSF v2.0 → 💼 DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events181no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations45no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties59no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities60no data
💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded46no data
💼 NIST CSF v2.0 → 💼 ID.RA-07: Changes and exceptions are managed, assessed for risk impact, recorded, and tracked49no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring627no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-2 Flaw Remediation6620no data